AMITIAE - Friday 10 January 2014

Cassandra: Mail from the IRS Branch Office in Colombia - An Old Phishing Tale

apple and chopsticks


By Graham K. Rogers


Three days, and three attempts at phishing, or perhaps planting malware. This time, the sender purported to be the IRS - The US Taxman. As I have not paid tax in the USA since 1986, this was a little suspect; but they might have taken to a new tactic and sent the forms out to anyone and everyone.

The sender was shown as Internal Revenue Service with an email address of which certainly looks right. This was compounded by a link in the email which showed the correct IRS website URL.

But it was all too obvious after the previous two days: one that was clearly suspicious, and a second one from Brazil. As before, I checked the attached ZIP file which had the tell-tale EXE suffix.

I had a look at the raw data in the mail and along with possibly genuine information, was a mention of "" preceded by an IP. I checked that with Apple's Network Utility and LACNIC confirmed that the mail was from Colombia.

more phishing

Not today, thank you. . . .

Keep your eyes open for any email with an attachment that looks too good to be true. It probably is.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs.



Made on Mac

For further information, e-mail to

information Tag information Tag

Back to eXtensions
Back to Home Page